View on MITRE ATT&CK

T1518 - Software Discovery

Tattiche:
Discovery
Piattaforme:
ESXi IaaS Linux macOS +1
Rilevamento:
Not specified
Description:
Adversaries may attempt to get a listing of software and software versions that are installed on a system or in a cloud environment. Adversaries may use the information from [Software Discovery](https://attack.mitre.org/techniques/T1518) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.

Such software may be deployed widely across the environment for configuration management or security reasons, such as [Software Deployment Tools](https://attack.mitre.org/techniques/T1072), and may allow adversaries broad access to infect devices or move laterally.

Adversaries may attempt to enumerate software for a variety of reasons, such as figuring out what security measures are present or if the compromised system has a version of software that is vulnerable to [Exploitation for Privilege Escalation](https://attack.mitre.org/techniques/T1068).
Sub-tecniche (2)
ID ATT&CK Azioni
T1518.001 Security Software Discovery
T1518.002 Backup Software Discovery
Usato da Attori (11)
MuddyWater
Nation-state
MUSTANG PANDA
Nation-state
WindShift
Unknown
SideCopy
Unknown
Volt Typhoon
Unknown
Inception
Unknown
HEXANE
Unknown
BRONZE BUTLER
Unknown
Tropic Trooper
Unknown
Windigo
Unknown
Sidewinder
Unknown
Malware (20)
Orz other InvisibleFerret other PUBLOAD other Woody RAT other Cuckoo Stealer other InvisiMole other P.A.S. Webshell other Siloscape other MarkiRAT other SocGholish other SpicyOmelette other LightSpy other Dyre other DustySky other SVCReady other CharmPower other Bundlore other Metamorfo other KGH_SPY other down_new other
Metadata
MITRE ID: T1518
STIX ID: attack-pattern--e3b6daca-e963-...
Piattaforme: ESXi, IaaS, Linux, macOS, Windows
Created: 13/01/2026 17:48
Updated: 21/04/2026 16:00